General
- Target: fivemhacks.zip
- Size: 84.9MB
- Sample: 240522-za2f7sfe2y
- MD5: d11064203ef79fb28a7cbf22f1ab7c9e
- SHA1: 2c9c3d3dcb756211b78d2d5f024e091a0a2fb47c
- SHA256: c856c18fcb12e046ccafa1d8e734136e30070963e9d3eea5440d339d6cc886d6
- SHA512: e704c7571f385e1638c277b0a79b972e89702ec7168afe688352fe358ffa3ce25e5442934bfc3c17c881d363d5a33e5c027ab977f4be7587aa1ef4d29057bccb
- SSDEEP: 1572864:AILaPGvNKvAi2YrRina0L04kvpMT7ofTCbe9dR7m+D5Q5G1bpIZCk7V2Q1lLC39R:AILaMNKvAiFrRia0L0vyT7EaejDRb0h8
Malware Config

Targets
- Target: fivemhacks.exe
- Size: 85.1MB
- MD5: 1b8059cf9351517e47ace91f975bebd7
- SHA1: 4a5d3cd9461c01744a4073c4198c8e5022a3a989
- SHA256: 729814d839a09d21cd8a566f748d8be9b61983a4aa003c39de28cf1090b51c97
- SHA512: 0e2b874e1dc6dc1f6c2b3f80cdf1423c5c0cc0c62bb3d61088ab34a13e24d8ec1e33d31c5a0421c1e3de529f5f5ed37dfb7268625f722a592922445d30bbf5a6
- SSDEEP: 1572864:XUTRPU1e4iamkhLDyPlVQ8ZtOznqf3Gd6xdnj+Y/5szkd95E7uZvzChW6toS/OYH:XUTR4e4iadhLDy9VLaznyo6V/193FGhH
- Drops file in Drivers directory
- Modifies Windows Firewall
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)

Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)